upstream: U2F/FIDO middleware interface

Supports enrolling (generating) keys and signatures. feedback & ok markus@ OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592
author: djm@openbsd.org <djm@openbsd.org> 2019-10-31 21:16:20 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-01 09:46:09 +1100
commit: ed3467c1e16b7396ff7fcf12d2769261512935ec (patch)
tree: b70d41447c71e9b9be17361a305298692f32c6d4 /ssh-sk.h
parent: 02bb0768a937e50bbb236efc2bbdddb1991b1c85 (diff)
1 files changed, 49 insertions, 0 deletions
diff --git a/ssh-sk.h b/ssh-sk.h
new file mode 100644
index 000000000..7c1d2b927
--- /dev/null
+++ b/ssh-sk.h
@@ -0,0 +1,49 @@
+/* $OpenBSD: ssh-sk.h,v 1.1 2019/10/31 21:16:20 djm Exp $ */
+/*
+ * Copyright (c) 2019 Google LLC
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _SSH_SK_H
+#define _SSH_SK_H 1
+struct sshbuf;
+struct sshkey;
+/*
+ * Enroll (generate) a new security-key hosted private key via the specified
+ * provider middleware.
+ * If challenge_buf is NULL then a random 256 bit challenge will be used.
+ *
+ * Returns 0 on success or a ssherr.h error code on failure.
+ *
+ * If successful and the attest_data buffer is not NULL then attestation
+ * information is placed there.
+ */
+int sshsk_enroll(const char *provider_path, const char *application,
+    uint8_t flags, struct sshbuf *challenge_buf, struct sshkey **keyp,
+    struct sshbuf *attest);
+/*
+ * Calculate an ECDSA_SK signature using the specified key and provider
+ * middleware.
+ *
+ * Returns 0 on success or a ssherr.h error code on failure.
+ */
+int sshsk_ecdsa_sign(const char *provider_path, const struct sshkey *key,
+    u_char **sigp, size_t *lenp, const u_char *data, size_t datalen,
+    u_int compat);
+#endif /* _SSH_SK_H */
author	djm@openbsd.org <djm@openbsd.org>	2019-10-31 21:16:20 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-01 09:46:09 +1100
commit	ed3467c1e16b7396ff7fcf12d2769261512935ec (patch)
tree	b70d41447c71e9b9be17361a305298692f32c6d4 /ssh-sk.h
parent	02bb0768a937e50bbb236efc2bbdddb1991b1c85 (diff)

diff --git a/ssh-sk.h b/ssh-sk.h new file mode 100644 index 000000000..7c1d2b927 --- /dev/null +++ b/ssh-sk.h
@@ -0,0 +1,49 @@
	1	/* $OpenBSD: ssh-sk.h,v 1.1 2019/10/31 21:16:20 djm Exp $ */
	2	/*
	3	* Copyright (c) 2019 Google LLC
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#ifndef _SSH_SK_H
	19	#define _SSH_SK_H 1
	20
	21	struct sshbuf;
	22	struct sshkey;
	23
	24	/*
	25	* Enroll (generate) a new security-key hosted private key via the specified
	26	* provider middleware.
	27	* If challenge_buf is NULL then a random 256 bit challenge will be used.
	28	*
	29	* Returns 0 on success or a ssherr.h error code on failure.
	30	*
	31	* If successful and the attest_data buffer is not NULL then attestation
	32	* information is placed there.
	33	*/
	34	int sshsk_enroll(const char provider_path, const char application,
	35	uint8_t flags, struct sshbuf challenge_buf, struct sshkey *keyp,
	36	struct sshbuf *attest);
	37
	38	/*
	39	* Calculate an ECDSA_SK signature using the specified key and provider
	40	* middleware.
	41	*
	42	* Returns 0 on success or a ssherr.h error code on failure.
	43	*/
	44	int sshsk_ecdsa_sign(const char provider_path, const struct sshkey key,
	45	u_char *sigp, size_t lenp, const u_char *data, size_t datalen,
	46	u_int compat);
	47
	48	#endif /* _SSH_SK_H */
	49